The present invention relates to protection mechanisms in computer systems. More specifically, the present invention relates to a method and an apparatus for controlling access to services provided by other applications in protected memory systems.
Programming languages such as the Java.TM. programming language (developed by SUN Microsystems, Inc. of Palo Alto, Calif.) and associated supporting interfaces presently provide a reliable and secure infrastructure to support the transfer of an application across a computer network, and to run the application on a wide range of computing platforms. Because of developments such as Java, it is becoming increasingly common to load an application, such as a Java applet, from a remote server onto a local machine, and to execute the application on the local machine.
However, present computing systems are not designed to allow computer applications from different vendors to interact with each other in a controlled way so that the applications can work together to accomplish a given task. One problem in doing so is that application vendors typically want to control the way in which these interactions take place. For example, it may be useful for a tax application to access capital gains information from a home brokerage application. However, the home brokerage application needs to protect the privacy of the customer's portfolio. Hence, the tax application cannot be given unrestricted access portfolio data from the home brokerage application.
Historically, the task of controlling accesses to services in computer systems has been handled through hardware mechanisms, such as hardware capabilities systems. However, such special-purpose hardware is not present on all computing platforms. Consequently, it is not practical to use such hardware to control access to services for portable applications, such as a Java.TM. applet, which is designed to operate across a wide range of computing platforms.